Using Components with Known Vulnerabilities

The InsecureShop app contains a vulnerable library that allows any third-party app on the device to steal any file from the app's local storage and send this file to the arbitrary domain.

Hint: Checkout the Hackerone disclosures. One of the publicly disclosed report on Hackerone talks about this vulnerability and how this can be exploited.

PreviousTheft of Arbitrary files from LocalStorage NextInsecure Broadcast Receiver

Last updated 3 years ago